1,354 research outputs found
Towards a Secure Smart Grid Storage Communications Gateway
This research in progress paper describes the role of cyber security measures
undertaken in an ICT system for integrating electric storage technologies into
the grid. To do so, it defines security requirements for a communications
gateway and gives detailed information and hands-on configuration advice on
node and communication line security, data storage, coping with backend M2M
communications protocols and examines privacy issues. The presented research
paves the road for developing secure smart energy communications devices that
allow enhancing energy efficiency. The described measures are implemented in an
actual gateway device within the HORIZON 2020 project STORY, which aims at
developing new ways to use storage and demonstrating these on six different
demonstration sites.Comment: 6 pages, 2 figure
Quantum resource estimates for computing elliptic curve discrete logarithms
We give precise quantum resource estimates for Shor's algorithm to compute
discrete logarithms on elliptic curves over prime fields. The estimates are
derived from a simulation of a Toffoli gate network for controlled elliptic
curve point addition, implemented within the framework of the quantum computing
software tool suite LIQ. We determine circuit implementations for
reversible modular arithmetic, including modular addition, multiplication and
inversion, as well as reversible elliptic curve point addition. We conclude
that elliptic curve discrete logarithms on an elliptic curve defined over an
-bit prime field can be computed on a quantum computer with at most qubits using a quantum circuit of at most Toffoli gates. We are able to classically simulate the
Toffoli networks corresponding to the controlled elliptic curve point addition
as the core piece of Shor's algorithm for the NIST standard curves P-192,
P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to
recent resource estimates for Shor's factoring algorithm. The results also
support estimates given earlier by Proos and Zalka and indicate that, for
current parameters at comparable classical security levels, the number of
qubits required to tackle elliptic curves is less than for attacking RSA,
suggesting that indeed ECC is an easier target than RSA.Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added.
ASIACRYPT 201
Enhancing IPsec Performance in Mobile IPv6 Using Elliptic Curve Cryptography
Internet has become indispensable to the modern society nowadays. Due to the dynamic nature of human activities, the evolving mobile technology has played a significant role and it is reflected in the exponential growth of the number of mobile users globally. However, the characteristic of the Internet as an open network made it vulnerable to various malicious activities. To secure communication at network layer, IETF recommended IPsec as a security feature. Mobile IPv6 as the successor of the current mobile technology, Mobile IPv4, also mandated the use of IPsec. However, since IPsec is a set of security algorithm, it has several well-known weaknesses such as bootstrapping issue when generating a security association as well as complex key exchange mechanism. It is a well-known fact that IPsec has a high overhead especially when implemented on Mobile IPv6 and used on limited energy devices such as mobile devices. This paper aims to enhance the IPsec performance by substituting the existing key exchange algorithm with a lightweight elliptic curve algorithm. The experiments managed to reduce the delay of IPsec in Mobile IPv6 by 67% less than the standard implementation
Multiprotocol Authentication Device for HPC and Cloud Environments Based on Elliptic Curve Cryptography
Multifactor authentication is a relevant tool in securing IT infrastructures combining two or
more credentials. We can find smartcards and hardware tokens to leverage the authentication process,
but they have some limitations. Users connect these devices in the client node to log in or request access
to services. Alternatively, if an application wants to use these resources, the code has to be amended
with bespoke solutions to provide access. Thanks to advances in system-on-chip devices, we can
integrate cryptographically robust, low-cost solutions. In this work, we present an autonomous device
that allows multifactor authentication in client–server systems in a transparent way, which facilitates
its integration in High-Performance Computing (HPC) and cloud systems, through a generic gateway.
The proposed electronic token (eToken), based on the system-on-chip ESP32, provides an extra layer
of security based on elliptic curve cryptography. Secure communications between elements use
Message Queuing Telemetry Transport (MQTT) to facilitate their interconnection. We have evaluated
different types of possible attacks and the impact on communications. The proposed system offers an
efficient solution to increase security in access to services and systems.Spanish Ministry of Science, Innovation and Universities (MICINN)
PGC2018-096663-B-C44European Union (EU
Set It and Forget It! Turnkey ECC for Instant Integration
Historically, Elliptic Curve Cryptography (ECC) is an active field of applied
cryptography where recent focus is on high speed, constant time, and formally
verified implementations. While there are a handful of outliers where all these
concepts join and land in real-world deployments, these are generally on a
case-by-case basis: e.g.\ a library may feature such X25519 or P-256 code, but
not for all curves. In this work, we propose and implement a methodology that
fully automates the implementation, testing, and integration of ECC stacks with
the above properties. We demonstrate the flexibility and applicability of our
methodology by seamlessly integrating into three real-world projects: OpenSSL,
Mozilla's NSS, and the GOST OpenSSL Engine, achieving roughly 9.5x, 4.5x,
13.3x, and 3.7x speedup on any given curve for key generation, key agreement,
signing, and verifying, respectively. Furthermore, we showcase the efficacy of
our testing methodology by uncovering flaws and vulnerabilities in OpenSSL, and
a specification-level vulnerability in a Russian standard. Our work bridges the
gap between significant applied cryptography research results and deployed
software, fully automating the process
Secure Lifecycle Management for Internet of Things Devices
In recent years, IoT devices have been adopted for various uses cases including for home applications such as smart lighting and heating and cooling systems. The IoT devices are simple and constrained devices. Usually, these simple devices are paired with and managed by controller devices such as smartphones over home wireless network. The pairing protocol along with the command and control protocols between the IoT device and the smartphone are usually proprietary. Therefore, users are required to install a dedicated application to access and control each brand and type of device. LwM2M has been designed as an open standard to increase interoperability between the simple devices from different ecosystems. It can be used to secure the connection between the simple device and the controller. The LwM2M protocol uses pre-shared keys, raw public keys, and X.509 certificates for authentication. However, these authentication methods have some deployment and scalability problems, and out-of-band authentication has been suggested as an alternative. This thesis project aims to adapt the LwM2M protocol for secure device pairing and lifecycle management for Internet of Things device in such a way that it can be used with out-of-band authentication. A proof-of-concept prototype has been implemented with Raspberry Pi 3 B+ as the simple device and an Android smartphone as the controller
Maximizing Penetration Testing Success with Effective Reconnaissance Techniques using ChatGPT
ChatGPT is a generative pretrained transformer language model created using
artificial intelligence implemented as chatbot which can provide very detailed
responses to a wide variety of questions. As a very contemporary phenomenon,
this tool has a wide variety of potential use cases that have yet to be
explored. With the significant extent of information on a broad assortment of
potential topics, ChatGPT could add value to many information security uses
cases both from an efficiency perspective as well as to offer another source of
security information that could be used to assist with securing Internet
accessible assets of organizations. One information security practice that
could benefit from ChatGPT is the reconnaissance phase of penetration testing.
This research uses a case study methodology to explore and investigate the uses
of ChatGPT in obtaining valuable reconnaissance data. ChatGPT is able to
provide many types of intel regarding targeted properties which includes
Internet Protocol (IP) address ranges, domain names, network topology, vendor
technologies, SSL/TLS ciphers, ports & services, and operating systems used by
the target. The reconnaissance information can then be used during the planning
phase of a penetration test to determine the tactics, tools, and techniques to
guide the later phases of the penetration test in order to discover potential
risks such as unpatched software components and security misconfiguration
related issues. The study provides insights into how artificial intelligence
language models can be used in cybersecurity and contributes to the advancement
of penetration testing techniques.
Keywords: ChatGPT, Penetration Testing, ReconnaissanceComment: 12 pages, 1 table, research articl
Elliptic Curve Cryptography in Practice
In this paper, we perform a review of elliptic curve cryptography (ECC), as it is used in practice today, in order to reveal unique mistakes and vulnerabilities that arise in implementations of ECC. We study four popular protocols that make use of this type of public-key cryptography: Bitcoin, secure shell (SSH), transport layer security (TLS), and the Austrian e-ID card. We are pleased to observe that about 1 in 10 systems support ECC across the TLS and SSH protocols. However, we find that despite the high stakes of money, access and resources protected by ECC, implementations suffer from vulnerabilities similar to those that plague previous cryptographic systems
Quantum-resistant Transport Layer Security
The reliance on asymmetric public key cryptography (PKC) and symmetric encryption for cyber-security in current telecommunication networks is threatened by the emergence of powerful quantum computing technology. This is due to the ability of quantum computers to efficiently solve problems such as factorization or discrete logarithms, which are the basis for classical PKC schemes. Thus, the assumption that communications networks are secure no longer holds true. Quantum Key Distribution (QKD) and post-quantum cryptography (PQC) are the first cyber-security technologies that allow communications to resist the attacks of a quantum computer. To achieve quantum-resistant communications, the aforementioned technologies need to be incorporated into a network security protocol such as Transport Layer Security (TLS). In this paper, we describe and implement two novel, hybrid solutions in which QKD and PQC are combined inside TLS for achieving quantum-resistant authenticated key exchange: Concatenation and Exclusively-OR (XOR). We present the results, in terms of complexity and security enhancement, of integrating state-of-the-art QKD and PQC technologies into a practical, industry-ready TLS implementation. Our findings demonstrate that the adoption of a PQC-only approach enhances the TLS handshake performance by approximately 9 % compared to classical methods. Furthermore, our hybrid PQC-QKD quantum-resistant TLS comes at a performance cost of approximately 117 % during the key establishment process. In return, we substantially augment the security of the handshake, paving the road for the development of future-proof quantum-resistant communication systems based on QKD and PQC.</p
- …